Lucene search

714 matches found

Prion
added 2007/04/30 11:19 p.m. · 17 views

Design/Logic Flaw

The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...

CVSS 5 · AI score 6.7 · EPSS 0.01877
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2007/04/30 12:0 a.m. · 6 views

PT-2007-3710 · Getahead · Getahead Dwr

Name of the Vulnerable Software and Affected Versions: Getahead Direct Web Remoting (DWR) framework version 1.1.4 Description: The issue allows remote attackers to obtain data through a web page that retrieves the data using a URL in the SRC attribute of a SCRIPT element and captures the data using...

CVSS 5 · AI score 6.2 · EPSS 0.01877
Exploits 0 · References 5

Tenable Nessus
added 2007/01/17 12:0 a.m. · 14 views

Microsoft Remoting Client Detection

Binary data 3886.prm...

AI score 7.3
Exploits 0

Tenable Nessus
added 2007/01/17 12:0 a.m. · 279 views

TCP Channel Detection

The remote host is running a TCP-based .NET Remoting Channel Service, also known as a 'TCP channel'. .NET Remoting is an API developed by Microsoft and used for interprocess communications, and a channel service provides the mechanism by which such communications occur. Two channel services are...

AI score 5.5
Exploits 0 · References 2

Tenable Nessus
added 2007/01/17 12:0 a.m. · 12 views

Microsoft Remoting Client Detection (deprecated)

Binary data 3885.prm...

AI score 7.3
Exploits 0

Prion
added 2007/01/12 5:4 a.m. · 16 views

Design/Logic Flaw

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch...

CVSS 5 · AI score 6.5 · EPSS 0.01464
Exploits 0 · References 7 · Affected Software 1

Prion
added 2007/01/12 5:4 a.m. · 14 views

Cross site request forgery (csrf)

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks...

CVSS 7.5 · AI score 6.4 · EPSS 0.01439
Exploits 0 · References 7 · Affected Software 1

Cvelist
added 2007/01/11 2:0 a.m. · 33 views

CVE-2007-0185

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch...

AI score 7.2 · EPSS 0.01464
Exploits 0 · References 7

CVE
added 2007/01/11 2:0 a.m. · 54 views

CVE-2006-6916

CVE-2006-6916 affects Getahead Direct Web Remoting (DWR) prior to 1.1.3. The provided connected Red Hat entry corroborates that attackers can cause a denial of service (infinite loop) via crafted input. The exact root cause, vulnerable component(s) within DWR, affected versions beyond the stated ...

CVSS 7.5 · AI score 6.7 · EPSS 0.02838
Exploits 0 · References 1 · Affected Software 1

CVE
added 2007/01/11 2:0 a.m. · 75 views

CVE-2007-0185

DWR (Getahead Direct Web Remoting) before version 1.1.4 is vulnerable to denial of service due to memory exhaustion triggered by a large number of batched calls; the specific vectors are not detailed in the provided documents. No remediation details are present here.

CVSS 5 · AI score 7.2 · EPSS 0.01464
Exploits 0 · References 7 · Affected Software 1

CVE
added 2007/01/11 2:0 a.m. · 62 views

CVE-2007-0184

CVE-2007-0184 concerns Getahead Direct Web Remoting (DWR) prior to 1.1.4. A crafted request can bypass include/exclude checks and enable unauthorized access to public methods, indicating an authorization bypass vulnerability. The connected documents reference this CVE across multiple advisories ...

CVSS 7.5 · AI score 7.2 · EPSS 0.01439
Exploits 0 · References 7 · Affected Software 1

NVD
added 2006/09/14 12:7 a.m. · 15 views

CVE-2006-4724

Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command...

CVSS 5 · AI score 6.6 · EPSS 0.02469
Exploits 0 · References 6

Positive Technologies
added 1999/01/01 12:0 a.m. · 8 views

PT-2025-33029

Name of the Vulnerable Software and Affected Versions: Hyland OnBase versions prior to 17.0.2.87 Description: Hyland OnBase is vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the...

CVSS 10 · AI score 8.8 · EPSS 0.0061
Exploits 0 · References 11

Positive Technologies
added 1999/01/01 12:0 a.m. · 13 views

PT-2025-50337

Name of the Vulnerable Software and Affected Versions: Barracuda Service Center versions prior to 2025.1.1 Description: Barracuda Service Center, part of the RMM solution, has a .NET Remoting service that does not adequately protect against the deserialization of arbitrary types. This can allow for...

CVSS 10 · AI score 7.5 · EPSS 0.39589
Exploits 5 · References 28